libspades
Ace of Spades library
Piqueserver Bugs
Global PacketBlockAction::actionType

Any tool can use any action; however, BlockActionTypeGrenadeDestroy (spadenade) was fixed after commit c3cc0963d9c7a16b424214ba02a5cab0cb0d7e1a.

In versions that have the BlockActionTypeGrenadeDestroy bug, removed blocks are client-side only.

BlockActionTypeBuild does not check if a block already exists at the specified position, making it possible to "paint" blocks that already exist.

Struct PacketBlockLine

In commits before 0204ac0a1936af8a10b0f6af8b1896b8356a7fda, block lines can still be made if the start, the end, or both do not touch a surface. If the start point does not touch a surface, the blocks become "ghost blocks". These blocks exist only client-side and cannot be removed by anything other than a smart client, a reconnect, the spade's alt-dig, grenades, or the "toppling" feature. The end point may also not touch a surface, but this has no effect on whether the blocks become "ghost blocks".

Commits before 0204ac0a1936af8a10b0f6af8b1896b8356a7fda have no or broken rapid-hack detection, making it possible to immediately build entire structures around the player with a size of 12x12x12. When combined with trusted teleportation and the above "ghost block" bug, a hacker can make nearly indestructible prisons around any player!

Global PacketChangeWeapon::packetID
As a complete and utter showing of pyspades' (and therefore PySnip's and piqueserver's) excellence, the only reason the server is capable of sending this packet is because it doesn't have a reason. All packets of this type sent from the server can be safely ignored.
Struct PacketExistingPlayer
Piqueserver can leak the player's IP address with its "ban subscribe" feature, potentially adding further insult to injury.
Global PacketExistingPlayer::name [16]

This parameter can be left out entirely without being hardbanned by piqueserver; doing so causes an OpenSpades bug in PacketCreatePlayer.

Piqueserver limits this parameter incorrectly: not to 15 bytes and a NULL terminator, but to 15 Unicode code points, allowing four times the amount of bytes to be crammed into the player name!
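The two name checks side by side, as an added example that is not piqueserver or libspades code. The helper names are hypothetical, the sample names are constructed, and UTF-8 as the wire encoding and the rejection of empty names are assumptions.

```python
# Added example (not project code). Assumes names arrive as UTF-8 text.
MAX_NAME_BYTES = 15  # name[16] minus the NULL terminator


def weak_name_ok(name: str) -> bool:
    """The flawed limit described above: counts code points, not bytes."""
    return len(name) <= 15


def strict_name_ok(name: str, encoding: str = "utf-8") -> bool:
    """Accept a name only if it fits the 16-byte field once encoded."""
    if not name or "\x00" in name:
        return False  # missing name or embedded terminator (assumed policy)
    try:
        raw = name.encode(encoding)
    except UnicodeEncodeError:
        return False
    return len(raw) <= MAX_NAME_BYTES


def truncate_name(name: str, encoding: str = "utf-8") -> str:
    """Cut to MAX_NAME_BYTES without leaving half of a multi-byte sequence."""
    raw = name.encode(encoding)[:MAX_NAME_BYTES]
    return raw.decode(encoding, errors="ignore")


# Constructed input: 15 code points that each encode to 4 bytes (60 bytes).
WIDE_NAME = "\U0001F600" * 15
```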

Global PacketFogColour::packetID
Piqueserver allows players to send this packet for some reason, which will work if the /fog command is authorized.
Struct PacketGrenade

Piqueserver removes grenades of players who have left, but most clients do not remove these grenades from their local world, causing them to appear as "duds" when they explode on the client-side. This behaviour is not present in SpadesX.

Trusted players can teleport grenades wherever they please, making it an even more deadly weapon than killaura on a shotgun/SMG, and an even more destructive tool than a hacked SMG.

Grenades do not count towards griefing team-kill.

Global PacketGrenade::fuseLength
Piqueserver commits before 13b5c322e3c557c8a4b24c61020e43d5d6463642 allow any time to be used, despite the fact that normally the maximum should be 3.
Struct PacketInputData
Involved in a patched bug described on the PacketOrientationData page.
Global PacketMapStart::mapSize
This garbage server always sends 1.5 MiB while misidentifying it as 2MB, even though the stream tends to not be 1.5/2 MiB but in fact a varying length.
Struct PacketOrientationData

NaN values will also bypass votekicks, and allow the player to rejoin with no repercussions.

On piqueserver commits before 41b9af4a9a71cee4b1ca9f342e0862397434ca89, suddenly changing orientation to {0, 0, -1} while moving may cause the X and Y axes of the player's position to become NaN, without kicking the player. This may cause a hardban if you do something wrong (it is unknown what this wrong thing may be). This even works without trusted! Trusted might help, but further testing is needed to say for certain.

Just kidding, that bug wasn't actually patched, piqueserver is truly unfixable. My guess is some sort of overflow into the negatives could be happening. How did I do the bug? I just multiplied my orientation a lot lmao. Let's try FLT_MAX for orientation!

Struct PacketPositionData

NaN values will also bypass votekicks, and allow the player to rejoin with no repercussions.

Trusted players on piqueserver have rubberbanding disabled, which allows them to teleport anywhere on the map! (Even Z level 18446744073709551616!)

Player positions are not limited to the map's dimensions. I suggest a position limit of at least something like {0, 0, 63} to {512, 512, -8}.

Players can no-clip into blocks by simply teleporting into them.
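A server-side validator for the NaN and out-of-bounds cases listed under PacketOrientationData and PacketPositionData, as an added example that is not piqueserver or libspades code. The bounds are the ones suggested above; the payload layout (three little-endian 32-bit floats), the unit-length rule for orientation, and the function names are assumptions.

```python
import math
import struct

# Added example (not project code). Bounds follow the limit suggested above;
# the 3 x little-endian float32 layout and unit-length rule are assumptions.
X_MAX, Y_MAX = 512.0, 512.0
Z_MIN, Z_MAX = -8.0, 63.0
FLT_MAX_X = b"\xff\xff\x7f\x7f" + b"\x00" * 8  # constructed: {FLT_MAX, 0, 0}


def parse_vec3(payload: bytes):
    """Unpack x, y, z; return None for a wrong-sized or non-finite vector."""
    if len(payload) != 12:
        return None
    vec = struct.unpack("<fff", payload)
    # Test finiteness explicitly: every comparison with NaN is false, so a
    # rejection written as `x < lo or x > hi` would let NaN straight through.
    if not all(math.isfinite(v) for v in vec):
        return None
    return vec


def position_ok(payload: bytes) -> bool:
    """True only for a finite position inside the suggested bounds."""
    vec = parse_vec3(payload)
    if vec is None:
        return False
    x, y, z = vec
    return 0.0 <= x <= X_MAX and 0.0 <= y <= Y_MAX and Z_MIN <= z <= Z_MAX


def orientation_ok(payload: bytes, tolerance: float = 0.01) -> bool:
    """True only for a finite orientation of (approximately) unit length."""
    vec = parse_vec3(payload)
    if vec is None:
        return False
    length = math.sqrt(sum(v * v for v in vec))
    return abs(length - 1.0) <= tolerance
```

The same finiteness test belongs on positions the server computes itself, since the NaN case described under PacketOrientationData arises from a finite orientation.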

Struct PacketVersionResponse
This packet can be sent at any time (even long after a Version Request) and any quantity of times.
Global PacketVersionResponse::operatingSystemInfo [VARIABLE_LENGTH]
Sending an extremely large size for this parameter (there is a limit somewhere below 32 MiB) will cause the server to temporarily freeze, disconnecting every player connected. Tested with 16777216 bytes of data.
Struct PacketWorldUpdate
Involved in a patched bug described on the PacketOrientationData page.